CLAIMS: 

1. A method for controlling transfer of data between a service 
provider and a user in a communication system where the service provider 
possesses a privacy policy, the method comprising the steps of: 

introducing to a broker a usage policy for constraints related to data of 

a user; 

receiving a request for data associated with the user from a service 
provider to the broker; 

checking, in the broker, the request against a usage policy of the user, 

and 

deciding if the data can be released. 

2. A method according to claim 1, further comprising the step of 
using the user to define the usage policy for the constraints related to the data. 

3. A method according to claim 1, further comprising the step of 
providing a predefined set of privacy policies and usage policies. 

4. A method according to claim 3, wherein the providing step 
comprises providing the privacy policies and the usage policies comprising 
similar information elements. 

5. A method according to claim 3, wherein the providing step 
comprises providing at least one of the privacy policies and at least one of the 
usage policies which specify a strictness level describing the constraints 
related to the data. 

6. A method according to claim 3, further comprising the step of 
using the user to choose the usage policies for the constraints related to the 
data. 
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7. A method according to claim 5, further comprising the step of 
releasing user data if the at least one of the privacy policies of the service 
provider matches with the specified strictness level of the at least one of the 
usage policies of the user. 

8. A method according to claim 5, further comprising the step of 
indicating, by the broker, the strictness level of the at least one of the usage 
policies of the user to the service provider if the at least one of the privacy 
policies of the service provider does not match with the specified strictness 
level of the at least one of the usage policies of the user. 

9. A method according to claim 5, further comprising the step of 
allowing the user to reduce a usage policy requirement if the at least one of the 
privacy policies of the service provider does not match with the specified 
strictness level of the at least one of the usage policies of the user. 

10. A method according to claim 1, farther comprising the step of 
attaching an electronically signed usage policy to the data when the data is 
released. 

11. A data transfer system comprising: 

a service provider possessing a privacy policy; and 

a broker hosting a usage policy for constraints related to data of a user, 
configured for checking a request from the service provider against the usage 
policy of the user and for deciding if data associated with the user can be 
released in response to the request. 

12. A data transfer system comprising: 

introducing means for introducing to a broker a usage policy for 
constraints related to data of a user; 
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receiving means for receiving a request for data associated with the 
user from a service provider to the broker; 

checking means for checking, in the broker, the request against a usage 
policy of the user, and 

deciding means for deciding if the data can be released. 
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